Joomla Exploits in the Wild Against CVE-2016-8870 and CVE-2016-8869

Exactly 3 days ago, the Joomla team issued a patch for a high-severity vulnerability that allows remote users to create accounts and increase their privileges on any Joomla site. Both issues combined give the attackers enough power to easily upload backdoor files and get complete control of the vulnerable site.

A few hours after the patch was released, we were able to reverse-engineer it. We created an internal-only tool that allowed us to exploit the vulnerability and upload a backdoor.